2222 connect_timeout : 180
2323 sleep : 5
2424
25+ # If LDAP is configured, repeat failed password checks can lock an account
26+ # Only check the password if the vars are currently set to the default 'admin'
27+ # I.e. Stop checking the password if it is no longer set to its default value
28+
2529# https://github.com/ansible/ansible/issues/34989
2630- name : Check the default Cloudera Manager admin password
31+ delegate_to : " {{ groups.cloudera_manager[0] if 'cloudera_manager' in groups else 'localhost' }}"
2732 uri :
2833 url : " {{ cloudera_manager_protocol }}://{{ cloudera_manager_host }}:{{ cloudera_manager_port }}/api/v2/tools/echo"
2934 validate_certs : " {{ cloudera_manager_tls_validate_certs }}"
3742 - default_admin_password_check.status is defined
3843 - default_admin_password_check.status != -1
3944 run_once : True
40- when : cloudera_manager_admin_password is defined
41-
42- - set_fact :
43- cloudera_manager_api_password : " admin"
44- run_once : True
45+ when :
46+ - cloudera_manager_admin_password is defined
47+ - cloudera_manager_api_password == 'admin'
4548
4649- name : Set the playbook to use the non-default Cloudera Manager admin password
50+ delegate_to : " {{ groups.cloudera_manager[0] if 'cloudera_manager' in groups else 'localhost' }}"
4751 set_fact :
4852 cloudera_manager_api_password : " {{ cloudera_manager_admin_password }}"
4953 run_once : True
5054 when :
5155 - cloudera_manager_admin_password is defined
52- - default_admin_password_check.status == 401
56+ - cloudera_manager_api_password == 'admin'
57+ - default_admin_password_check.status == 401
58+
59+ # The check may have been run on a subset of the hosts previously
60+ # This set_fact ensures that hosts missing from the initial run get a copy of the password
61+
62+ - delegate_to : " {{ groups.cloudera_manager[0] if 'cloudera_manager' in groups else 'localhost' }}"
63+ set_fact :
64+ cloudera_manager_api_password : " {{ cloudera_manager_api_password }}"
65+ run_once : True
0 commit comments